Cyber attacks across Africa are rising fast and becoming more sophisticated, with criminals now leaning on artificial intelligence to scale their assaults across critical sectors, according to new research from Check Point Software Technologies.
In Johannesburg, the company released its African Perspectives on Cyber Security Report 2025, which outlines a steep climb in weekly attacks and a marked evolution in attacker behavior.
African organisations are now hit an average of 3,153 times per week. Among the countries assessed, Nigeria recorded the highest volume at 4,200 weekly attacks per organisation, while Ethiopia emerged as the most targeted nation overall.
Attackers are increasingly deploying AI to automate phishing, impersonation schemes, and cloud exploitation. They are also exploiting exposed identities and misconfigured systems to break into networks. Across finance, energy, telecoms, and government, Check Point Research reported surges in identity-driven intrusions, AI-generated phishing, and multi-vector ransomware.
“AI has become part of the attack surface,” Lorna Hardie, Regional Director for Africa at Check Point Software Technologies, told Afcacia. “Attackers are using it to automate phishing and identity theft at scale. The only effective response is prevention-first security that combines visibility, governance, and AI protection.”
Nigeria continues to face a high volume of business email compromise and cloud exploitation. South Africa is seeing a rise in ransomware, smishing, and botnet infections linked to strains such as Vo1d and XorDDoS.
“Ransomware affiliates emphasise data-leak extortion over encryption, and infostealers have surged, harvesting browser and VPN tokens (especially in BYOD) to feed initial-access brokers. Adversaries increasingly convert edge devices into relay infrastructure and exploit cloud/API misconfigurations to move laterally,” says Kingsley Oseghale, Country Manager, West Africa at Check Point Software Technologies.
A notable 2025 signal in Nigeria was the widespread exploitation of Microsoft SharePoint CVE-2025-53770, initially focused on government, software, and telecommunications, and later expanding to financial services.
Kenya’s critical infrastructure has come under pressure, including ransomware incidents that have targeted the national energy grid. “Nation-state operators are using AI-assisted disinformation, disruptive malware, and hacktivism to erode trust and set conditions for future access,” says John Paul Onyango, Country Manager, East Africa at the company. “Ransomware affiliates are emphasising data-leak extortion over encryption. Infostealers have surged, harvesting browser and VPN tokens, especially in BYOD environments, and feeding initial-access brokers.”
Morocco has been hit by coordinated disruptions in government and education, driven by DDoS activity and website defacement. “Over the last six months, organisations in Morocco faced 2,317 attack attempts per week on average, compared with 1,963 globally. Information Disclosure is the most common exploit class, impacting 69% of organisations,” says Mhammed Dinnia, Country Manager, North Africa at the company. “Phishing-led campaigns continue to drive credential theft, with brand-impersonation lures observed in Q3 2025, alongside rising misuse of edge devices and exposed APIs.”
Across these markets, the most common points of compromise remain AI-generated phishing, credential theft, and insecure or misconfigured cloud environments. “AI-enabled social engineering: more convincing lures, synthetic voice/video, and personalised pretexting raise verification costs for both citizens and staff,” the report says. “Sensitive data is now widely distributed; posture management and data-loss controls for SaaS are as critical as cloud-infrastructure baselines.”
The report identifies five forces that are now shaping Africa’s cyber risk. Attacks are growing more sophisticated and more frequent, with Nigeria’s average of more than 4,200 weekly attacks standing far above the global baseline of 1,963. Traditional ransomware has shifted toward data-leak extortion, where criminals threaten exposure rather than encryption.
AI-powered deception has taken hold, with lifelike fake voices, videos, and messages bypassing older layers of defense. Identity has become the new frontline as attackers exploit credentials and weak access controls. And compliance itself has turned into a market-access issue, with regulations such as the EU’s NIS2 Directive making cybersecurity performance a prerequisite for participation in global trade.
The report calls for a continent-wide rethink of resilience as digital transformation accelerates. Security frameworks have not kept pace with new technologies in cloud, identity, and AI, widening the gap between innovation and protection. Closing that gap, the authors argue, will require a shift from reaction to prevention if African economies are to expand safely in an era of intelligent automation.
The findings emphasise the need for continuous risk assessment, regulatory readiness, and deeper cooperation between public and private actors to build long-term digital trust. For both governments and businesses, prevention is no longer a technical preference but a strategic requirement tied directly to economic stability and investor confidence.
“The real challenge is not adopting new technology but securing the trust that underpins it. As AI reshapes how organisations operate, cybersecurity must move from reaction to prediction. The future of resilience in Africa depends on prevention-first strategies that anticipate threats before they emerge,” Hardie said.





